Story image

Phishing: It's all too easy on mobile devices

22 Nov 2018
Sponsored

Imagine a world without mobile devices. We only need to cast our minds back a couple of decades to conjure up an image; but in 2018 that world is almost unthinkable.

Despite the saturation of mobile devices everywhere from the workplace to the home, they're still vulnerable to a lack of security. Cybercriminals are quick to exploit this lack of care.

Websites and apps have been optimised for mobile, but mobile devices are easily compromised because they present new ways of delivering attacks.

Take phishing for example. Phishing on mobile is extremely difficult to spot with the naked eye. It only takes a single tap to compromise a mobile device. It could be a malicious URL, or maybe an innocent-seeming app connected to a malicious ad network. 

Or it could be an email that looks like it came from Greg in HR but was designed to trick your employees into giving up their credentials. A single errant tap moves an attacker closer to your data.

What’s more, it’s difficult to preview a link on a mobile device to see if it’s legitimate. On a desktop or laptop you’d generally hover your mouse over a link, but mobile users don’t have that luxury.

Lookout Personal analysed 67 million mobile devices between 2011 and 2016. If found that 56% of users received and tapped a phishing URL that bypassed their phone’s existing phishing defense capabilities. Of that 56%, people tapped on an average of six phishing URLs per year.

The number of phishing attempts is also on the rise – according to Lookout, phishing URLs have increased by an average of 85% year-over-year since 2011.

“We have seen up to 87% of the traffic to phishing sites coming from mobile devices,” Lookout says.

That’s bad news for users and devices, but great news for cybercriminals who are trying to offload their malware, steal personal information, or demand ransoms.

It’s a major problem, but employers and users are still failing to take adequate steps against phishing attacks.

Mobile devices are connected outside traditional firewalls, typically lack endpoint security solutions, and access a plethora of new messaging platforms not used on desktops. Additionally, the mobile user interface does not have the depth of detail users need to identify phishing attacks, such as hovering over hyperlinks to show the destination. 

Endpoint security firms such as Lookout are making it their mission to protect users, their organisations, and their data from phishing attacks.

To protect data from compromise, it’s now necessary to prevent employees from tapping malicious URLs that hide inside apps, in addition to SMS, messaging platforms, corporate and personal email.

Lookout offers comprehensive protection against mobile phishing on Android and iOS devices to keep enterprise data secure in a nuanced, mobile world.

One way it does this is by detecting phishing attempts from any source including email, social media and apps. It also allows IT administrators to set policies that protect against phishing attempts.

Lookout blocks attempted connections to URLs at the network level, instead of inspecting message content. This ensures employee privacy remains safe – this is important because users’ communication across social and messaging platforms needs to be safeguarded.

Learn how to protect your organisations’s data from malicious phishing attacks here.

To contact Lookout for a free demo or to find out how Lookout can help you protect your organisation’s data, click here.

Thycotic debunks top Privileged Access Management myths
Privileged Access encompasses access to computers, networks and network devices, software applications, digital documents and other digital assets.
Veeam reports double-digit Q1 growth
We are now focussed on an aggressive strategy to help businesses transition to cloud with Backup and Cloud Data Management solutions.
Paving the road to self-sovereign identity using blockchain
Internet users are often required to input personal information and highly-valuable data from contact numbers to email addresses to make use of the various platforms and services available online.
Tech Data to distribute Nutanix backup solution in A/NZ
Tech Data will distribute HYCU Data Protection for Nutanix backup and recovery software to their network of partners across Australia and New Zealand.
Veeam releases v3 of its MS Office backup solution
One of Veeam’s most popular solutions, Backup for Office 365, has been upgraded again with greater speed, security and analytics.
Too many 'critical' vulnerabilities to patch? Tenable opts for a different approach
Tenable is hedging all of its security bets on the power of predictive, as the company announced general available of its Predictive Prioritisation solution within Tenable.io.
Safety solutions startup wins ‘radical generosity’ funding
Guardian Angel Security was one of five New Zealand businesses selected by 500 women (SheEO Activators) who contributed $1100 each.
Industrial control component vulnerabilities up 30%
Positive Technologies says exploitation of these vulnerabilities could disturb operations by disrupting command transfer between components.